Our research was concentrated on the following topics:

1. Verification of Concurrent Programs: A Proof System ([1]).
A proof system based on temporal logic is presented for proving properties of concurrent programs.
The system consists of three parts: the general uninterpreted part, the domain-dependent
part  and  the  program-dependent  part.  In  the  general  part  we  give  a  complete  system  for  first-order 
temporal  logic  with  detailed  proofs  of  useful  theorems.  This  logic  enables  reasoning  about  general 
time  sequences.  The  domain-dependent  part  characterizes  the  special  properties  of  the  domain 
over  which  the  program  operates.  The  program-dependent  part  introduces  program  axioms  which 
restrict  the  time  sequences  considered  to  be  execution  sequences  of  a  given  program. 

The  utility  of  the  full  system  is  demonstrated  by  proving  invariance,  liveness  and  precedence 
properties  of  several  concurrent  programs.  Derived  proof  principles  for  these  classes  of  properties 
are obtained which lead to compact representation of proofs.

2. Temporal Proof System for General Languages ([2]).

An abstract temporal proof system is presented whose program-dependent part has a high-level
interface with the programming language actually studied. Given a new language, it is sufficient
to define the interface notions of atomic transitions, justice, and fairness in order to obtain a full
temporal proof system for this language. This construction is particularly useful for the analysis of
concurrent systems. We illustrate the construction on the shared-variable model and on CSP. The
generic proof system is shown to be relatively complete with respect to pure first-order temporal
logic.

3. Proving Precedence Properties: The Temporal Way ([3]).

We explore the three important classes of temporal properties of concurrent programs: invariance,
liveness and precedence. We present the first methodological approach to the precedence
properties, while providing a review of the invariance and liveness properties. The approach is
based on the unless operator, a weak version of the until operator U: "p unless q" requires p to
hold up to the point where q holds, but does not require q ever to hold. For each class of
properties, we present a single complete principle. Finally, we show that the properties of each
class are decidable over finite-state programs.
4. Verification of Concurrent Programs: Adequate Proof Principles ([4]).

We  present  proof  principles  for  establishing  invariance,  eventuality  and  until  properties.  The 
methods  for  liveness  are  based  on  well-founded  assertions  and  are  applicable  to  both  “just”  and 
“fair” computations. These methods do not assume a decrease of the rank at each computation
step.  It  is  sufficient  that  there  exists  one  process  which  decreases  the  rank  when  activated.  Fairness 
then  ensures  that  the  program  will  eventually  attain  its  goal.  In  the  finite  state  case  the  proofs 
can  be  represented  by  diagrams. 
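As an added illustration of items 3 and 4 (this is example code written for this summary, not code from the reports), the following Python program checks the three property classes on a finite-state program. The program is Peterson's two-process mutual exclusion algorithm, encoded here as a constructed model; the location encoding and the decision that justice does not oblige a process to leave its noncritical section are assumptions of the example. Invariance is checked by reachability, an unless (precedence) property as a greatest fixpoint over the reachable states, and liveness by searching the q-free states for a strongly connected component that can carry a just computation, i.e. one in which every process is either taken inside the component or not enabled at some state of it. Justice here means weak fairness: a continuously enabled process is eventually activated.

```python
"""Finite-state checks for invariance, liveness under justice, and unless
properties over a small shared-variable program.  Constructed example: the
program is Peterson's two-process mutual exclusion algorithm; the checkers
are plain reachability, greatest-fixpoint and SCC computations."""

NONCRIT, SET_TURN, WAIT, CRIT = 0, 1, 2, 3    # program locations of each process
INIT = ((NONCRIT, NONCRIT), 0)                # state = ((pc0, pc1), turn)
PROCS = (0, 1)


def flag(s, i):
    """flag[i] is raised exactly while process i is outside NONCRIT, so it is
    derived from the location instead of being stored in the state."""
    return s[0][i] != NONCRIT


def step(s, i):
    """Successor of s when process i executes one atomic transition."""
    pc, turn = s
    j = 1 - i
    if pc[i] == NONCRIT:                      # flag[i] := true
        loc = SET_TURN
    elif pc[i] == SET_TURN:                   # turn := j
        loc, turn = WAIT, j
    elif pc[i] == WAIT:                       # busy-wait while flag[j] and turn == j
        loc = WAIT if (flag(s, j) and turn == j) else CRIT
    else:                                     # leave critical section: flag[i] := false
        loc = NONCRIT
    new_pc = list(pc)
    new_pc[i] = loc
    return (tuple(new_pc), turn)


def just_enabled(s, i):
    """Assumption of the model: justice never forces a process out of NONCRIT,
    so a process may idle in its noncritical section forever."""
    return s[0][i] != NONCRIT


def reachable(init=INIT):
    """Reachable states and labelled edges (s, process, t)."""
    seen, edges, todo = {init}, set(), [init]
    while todo:
        s = todo.pop()
        for i in PROCS:
            t = step(s, i)
            edges.add((s, i, t))
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen, edges


def always(p):
    """Invariance: p holds in every reachable state."""
    states, _ = reachable()
    return all(p(s) for s in states)


def unless_holds(pre, p, q):
    """Precedence: pre -> (p unless q).  [[p unless q]] is the greatest fixpoint
    of X = {s : q(s) or (p(s) and every successor of s lies in X)}."""
    states, edges = reachable()
    succ = {s: set() for s in states}
    for s, _, t in edges:
        succ[s].add(t)
    x = set(states)
    while True:
        y = {s for s in x if q(s) or (p(s) and succ[s] <= x)}
        if y == x:
            return all(s in x for s in states if pre(s))
        x = y


def _closure(s, succ):
    """States reachable from s (including s) along the edges in succ."""
    seen, todo = {s}, [s]
    while todo:
        u = todo.pop()
        for v in succ[u]:
            if v not in seen:
                seen.add(v)
                todo.append(v)
    return seen


def leads_to(p, q, justice=True):
    """Liveness: p -> eventually q.  A counterexample is an infinite run from a
    p-state that never leaves the q-free states; its tail lies inside one
    strongly connected component.  Under justice that component must, for each
    process, contain a transition of that process or a state where it is not
    enabled; otherwise a continuously enabled process is never taken."""
    states, edges = reachable()
    bad = {s for s in states if not q(s)}
    inner = {(s, i, t) for s, i, t in edges if s in bad and t in bad}
    succ = {s: set() for s in bad}
    for s, _, t in inner:
        succ[s].add(t)
    reach = {s: _closure(s, succ) for s in bad}
    sccs = {frozenset(t for t in reach[s] if s in reach[t]) for s in bad}

    def sustains_fair_run(c):
        if not any(u in c and v in c for u, _, v in inner):
            return False                      # no cycle, hence no infinite run
        if not justice:
            return True
        return all(any(not just_enabled(u, i) for u in c)
                   or any(k == i and u in c and v in c for u, k, v in inner)
                   for i in PROCS)

    fair = [c for c in sccs if sustains_fair_run(c)]
    return not any(p(s) and any(c & reach[s] for c in fair) for s in bad)


if __name__ == "__main__":
    trying, crit0 = (lambda s: s[0][0] == SET_TURN), (lambda s: s[0][0] == CRIT)
    print("mutual exclusion:", always(lambda s: not (s[0][0] == CRIT and s[0][1] == CRIT)))
    print("accessibility under justice:", leads_to(trying, crit0))
    print("accessibility without fairness:", leads_to(trying, crit0, justice=False))
```

Running it shows that mutual exclusion and accessibility hold, that accessibility fails when justice is dropped (process 0 may spin at its wait while process 1 is never scheduled), and that a process idling in its noncritical section is not obliged to enter. The unless check confirms the bounded-overtaking property that a process which has set turn is not overtaken by a partner still in its noncritical section. The fairness test is exact for justice; strong fairness would need iterated pruning of components and is not handled here.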

5. Synthesis of Communicating Processes from Temporal Specifications ([5], [6]).

We apply Propositional Temporal Logic (PTL) to the specification and synthesis of the synchronization
part of communicating processes. To specify a process, we give a PTL formula that
describes  its  sequence  of  communications.  The  synthesis  is  done  by  constructing  a  model  of  the 
given  specifications  using  a  tableau-like  satisfiability  algorithm  for  PTL.  This  model  can  then  be 
interpreted  as  a  program. 

6.  Special  Relations  in  Program  Synthetic  Deduction  ([7]). 

Program synthesis is the automated derivation of a computer program from a given specification.
In the deductive approach, the synthesis of a program is regarded as a theorem-proving
problem;  the  desired  program  is  constructed  as  a  by-product  of  the  proof.  We  present  a  formal 
deduction  system  for  program  synthesis,  with  special  features  for  handling  equality,  the  equivalence 
connective,  and  ordering  relations. 

In  proving  theorems  involving  the  equivalence  connective,  it  is  awkward  to  remove  all  the 
quantifiers  before  attempting  the  proof.  The  system  therefore  deals  with  partially  skolemized 
sentences, in which some of the quantifiers may be left in place. A rule is provided for removing
individual  quantifiers  when  required  after  the  proof  is  under  way. 

The  system  is  also  nonclausal;  i.e.,  the  theorem  does  not  need  to  be  put  into  conjunctive 
normal form. The equivalence, implication, and other connectives may be left intact.

7.  The  Logical  Basis  for  Computer  Programming  ([8]). 

This  is  an  introductory  textbook,  divided  into  two  volumes. 

The  first  volume,  subtitled  Deductive  Reasoning,  describes  several  logical  structures  and 
presents  methods  for  the  informal  but  rigorous  proof  of  theorems  (or  properties)  about  these 
structures.  In  this  volume,  we  introduce  the  basic  notions  of  propositional  and  predicate  logic,  and 
theories with equality and with mathematical induction. We describe within theories with induction
some of the most important structures of computer science, including the integers, strings,
trees,  lists,  sets,  tuples  (arrays),  and  sequences.  We  apply  logical  methods  to  establish  in  these 
theories  properties  such  as  the  correctness  of  algorithms  for  parsing  (of  strings)  and  sorting  (of 
tuples).  The  induction  principles  of  the  various  theories  are  then  unified  into  a  single  well-founded 
induction  principle. 

The  second  volume,  subtitled  Deductive  Techniques,  presents  methods  for  the  formal  proof  of 
such  theorems,  oriented  toward  the  development  of  computer  theorem-proving  systems.  In  this 
second  volume,  we  apply  the  concepts  of  the  first  volume  to  develop  more  formal  proof  techniques. 
We  first  describe  an  additional  theory  with  induction,  the  theory  of  expressions  and  substitutions. 
Within  this  theory,  we  describe  the  unification  algorithm  and  prove  its  correctness.  We  then 
introduce special logical techniques essential in theorem-proving systems, such as skolemization and
polarity. We present a deductive system for describing formal proofs; this framework incorporates
the  most  useful  logical  techniques  for  theorem  proving,  including  resolution,  rewriting  rules,  and 
proof  by  mathematical  induction. 

8. Reasoning About Digital Circuits ([9], [10]).

We  present  a  formalism  called  interval  temporal  logic  (ITL)  that  augments  standard  predicate 
logic  with  time-dependent  operators.  ITL  is  like  discrete  linear-time  temporal  logic  but  can  describe 
time  intervals.  The  behavior  of  programs  and  hardware  devices  can  often  be  decomposed  into 
successively  smaller  intervals  of  activity.  State  transitions  can  be  characterized  by  properties 
relating  the  initial  and  final  values  of  variables  over  intervals.  Furthermore,  these  time  periods 
provide  a  convenient  framework  for  introducing  quantitative  timing  details. 

We present the propositional and first-order syntax and semantics of ITL. We demonstrate
ITL’s utility for uniformly describing the structure and dynamics of a wide variety of timing-
dependent digital circuits. Devices considered include delay elements, adders, latches, flip-flops,
counters, random-access memories, a clocked multiplication circuit and the Am2901 bit slice. ITL
also provides a means for expressing properties of such specifications. We examine such concepts
as device equivalence and internal states. Propositional ITL is shown to be undecidable, although
useful subsets are of relatively reasonable computational complexity.
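As an added example for item 8 (again example code written for this summary, not code from the reports), the following Python program implements the finite-interval semantics of propositional ITL: atoms, negation, conjunction, chop, skip and empty, the derived sometimes, always and next operators, and an existential quantifier over a hidden signal that models an internal state. With these it specifies a unit delay element, builds a two-unit delay from two unit delays in series through an internal wire Z, and checks device equivalence against a direct two-unit-delay specification by enumerating every interval over X and Y up to a bounded number of states. The delay-element formulas and the signal names X, Y, Z are constructed for this example and are not Moszkowski's definitions. Since propositional ITL is undecidable in general, the enumeration is only a bounded check: a result of None means no distinguishing interval exists up to the bound.

```python
"""Finite-interval semantics of propositional ITL (constructed example).
An interval is a non-empty tuple of states; a state is the frozenset of
propositions true at that instant.  A formula is a function interval -> bool.
The delay-element specifications are constructed for this example."""
from itertools import product


def atom(p):
    return lambda iv: p in iv[0]                      # p holds at the first state

def neg(w):
    return lambda iv: not w(iv)

def conj(a, b):
    return lambda iv: a(iv) and b(iv)

def impl(a, b):
    return lambda iv: (not a(iv)) or b(iv)

def iff(a, b):
    return lambda iv: a(iv) == b(iv)

def length(k):
    return lambda iv: len(iv) - 1 == k                # k transitions, k+1 states

TRUE = lambda iv: True
EMPTY, SKIP = length(0), length(1)

def chop(a, b):
    """a ; b: the interval splits into a prefix satisfying a and a suffix
    satisfying b, the two sharing the split state."""
    return lambda iv: any(a(iv[:k + 1]) and b(iv[k:]) for k in range(len(iv)))

def sometimes(w):                                     # TRUE ; w : w on some suffix
    return chop(TRUE, w)

def always(w):                                        # w on every suffix
    return neg(sometimes(neg(w)))

def nxt(w):                                           # SKIP ; w : w from the next state on
    return chop(SKIP, w)

def exists(z, w):
    """Internal signal z: some assignment to z over the interval makes w true.
    Enumerates all 2**len(iv) assignments, so keep intervals short."""
    def f(iv):
        for bits in product((False, True), repeat=len(iv)):
            iv2 = tuple((s | {z}) if b else (s - {z}) for s, b in zip(iv, bits))
            if w(iv2):
                return True
        return False
    return f

def interval(**signals):
    """Build an interval from equal-length 0/1 traces: interval(X=[1, 0], Y=[0, 1])."""
    lengths = {len(trace) for trace in signals.values()}
    assert len(lengths) == 1, "all signals must have the same length"
    return tuple(frozenset(name for name, trace in signals.items() if trace[t])
                 for t in range(lengths.pop()))

def unit_delay(x, y):
    """y at instant t+1 equals x at instant t, at every t that has a successor."""
    return always(impl(neg(EMPTY), iff(atom(x), nxt(atom(y)))))

def two_unit_delay(x, y):
    """y at t+2 equals x at t wherever the interval extends two steps ahead."""
    at_least_two = chop(SKIP, chop(SKIP, TRUE))
    return always(impl(at_least_two, iff(atom(x), nxt(nxt(atom(y))))))

# Two unit delays in series, connected through the hidden wire Z.
COMPOSED = exists('Z', conj(unit_delay('X', 'Z'), unit_delay('Z', 'Y')))

def equivalent(a, b, variables=('X', 'Y'), max_states=5):
    """Bounded device equivalence: None if a and b agree on every interval over
    the given variables with at most max_states states, else a witness interval."""
    states = [frozenset(v for v, on in zip(variables, bits) if on)
              for bits in product((False, True), repeat=len(variables))]
    for n in range(1, max_states + 1):
        for iv in product(states, repeat=n):
            if a(iv) != b(iv):
                return iv
    return None

if __name__ == "__main__":
    print("two unit delays in series == two-unit delay (up to 5 states):",
          equivalent(COMPOSED, two_unit_delay('X', 'Y')) is None)
    print("witness separating the series from a single unit delay:",
          equivalent(COMPOSED, unit_delay('X', 'Y')))
```

The hidden wire Z is what the summary calls an internal state: the composed device is specified only through the externally visible X and Y, and exists discharges Z by enumeration. Because Z ranges over all assignments, exists costs a factor of 2 to the power of the interval length, which is why the bound on max_states is kept small.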